
Supply chain cyber attacks: What you need to know to stay protected

21 March 2022 by Sheetal Targe

UKFast’s Security & Compliance Director, Stephen Crow, warns that supply chain cyber security is the key battleground for hackers and that attacks are only going to get worse.

Such attacks lie behind several high-profile incidents in recent years, and are only set to increase in number over the coming months and years. In fact,

If you’re concerned about the impact on your business, here’s a quick overview of what you need to know.

What is a supply chain attack?

A supply chain attack is designed to damage one or multiple organisations by infiltrating a less secure link in the supply chain. Common examples include targeting software or website hosting platforms that are used by multiple organisations.

These attacks are becoming increasingly common because they allow malicious actors to target multiple organisations with the same action.

How does a supply chain attack work?

An estimated 62% of supply chain attacks use malware, and 66% focus on infiltrating the suppliers’ code, with a view to infiltrating your customers’ networks. There are several common ways attackers do this:

  • Targeting a web hosting platform: This involves compromising every website hosted on a web hosting platform, causing multiple simultaneous outages.
  • Drive-by downloads: Malicious programmes are downloaded and installed without the user’s knowledge; attackers engineer the download by identifying, infiltrating and compromising a website commonly used by the target organisation.
  • Targeting third-party suppliers who have suffered a software breach: By replacing legitimate code with an infected variant, attackers gain remote access to the systems of any organisation that downloads the software in future. This is difficult to detect because the malware exists within the source code itself.

What prolific supply chain attacks have happened in recent years?

In recent years, several prolific cyber attacks have been traced back to organisations’ supply chain providers. Here are two of the most common examples:

  • In 2021, cybersecurity provider Mimecast was targeted by a sophisticated threat actor. The attack involved the compromise of a certificate that the company used to authenticate clients’ access to Microsoft 365 Exchange Web Services. This affected about 10% of clients.
  • The recent attack on American software company SolarWinds affected organisations as diverse as the Pentagon, US Homeland Security, Microsoft, and Cisco. These organisations all used SolarWinds’ network management system, which was infiltrated by Russian state actors when a routine update contained malicious code. This led to the personal information of countless companies, as well as national security data, being compromised.

Supply chain attacks are successful and popular because prolific and well-established organisations are only as secure as the weakest link in their supply chain. So how do you stay protected?

How can you protect your organisation from supply chain attacks?

There are several important steps you can take to protect your organisation from supply chain related attacks.

Use contractual clauses to govern security

When selecting and assessing supply chain partners, it’s important to make cybersecurity a vital prerequisite of doing business. You can do that by requiring:

  • Industry certifications such as ISO 27001, PCI DSS, and SOC 2
  • Regular third-party risk assessments
  • Copies of policies on vulnerability scanning, cyber security training and data breach notifications
  • A full history of any security compromises
  • A software bill of materials (SBOM) from software providers – a formal record of the details and supply chain relationships of the software’s components

Enforcing these clauses will mean your suppliers and partners will be contractually bound to protect you from supply chain related attacks.
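An SBOM is only useful if you act on it. The block below, added here as an example and not part of the original article or any UKFast tooling, shows the two checks the article motivates: comparing the SHA-256 each SBOM component records against what is actually deployed (to catch a legitimate build replaced with a modified variant, as in the third-party breach scenario above) and matching component versions against a supplier’s advisory list. The SBOM, the artefacts, the advisory entries and the component names are all constructed for this example; only the CycloneDX JSON shape is real.

```python
"""Check a CycloneDX-style SBOM against the deployed artefacts and an
advisory list.  Everything below (SBOM, artefacts, advisories) is
constructed sample data; the CycloneDX field names are the real ones."""
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed "as shipped" artefacts that the supplier described in its SBOM.
SHIPPED = {
    "netmon-agent": b"netmon-agent v2.3.1 release build\n",
    "log-shipper": b"log-shipper v1.0.7 release build\n",
}

# Constructed SBOM in the CycloneDX JSON shape: each component records its
# version and the SHA-256 of the artefact the supplier actually shipped.
SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"name": n, "version": v,
         "hashes": [{"alg": "SHA-256", "content": sha256_hex(SHIPPED[n])}]}
        for n, v in (("netmon-agent", "2.3.1"), ("log-shipper", "1.0.7"))
    ],
}

# Constructed advisory list (placeholder, not real CVE data):
# component name -> versions the supplier has notified as affected.
ADVISORIES = {"log-shipper": {"1.0.7", "1.0.8"}}


def check_sbom(sbom: dict, deployed: dict, advisories: dict) -> list:
    """Return (component, issue) findings.  `deployed` maps a component
    name to the bytes actually installed on the host being checked."""
    findings = []
    for comp in sbom["components"]:
        name, version = comp["name"], comp["version"]
        recorded = {h["alg"]: h["content"].lower() for h in comp.get("hashes", [])}
        if "SHA-256" not in recorded:
            findings.append((name, "no SHA-256 recorded in SBOM"))
        elif name not in deployed:
            findings.append((name, "listed in SBOM but not deployed"))
        elif sha256_hex(deployed[name]) != recorded["SHA-256"]:
            findings.append((name, "deployed artefact hash differs from SBOM"))
        if version in advisories.get(name, set()):
            findings.append((name, f"version {version} is on the advisory list"))
    return findings


if __name__ == "__main__":
    # Constructed host state: netmon-agent has been swapped for a modified build.
    deployed = dict(SHIPPED)
    deployed["netmon-agent"] = SHIPPED["netmon-agent"] + b"# modified\n"
    for comp, issue in check_sbom(SBOM, deployed, ADVISORIES):
        print(f"{comp}: {issue}")
```

A hash mismatch is a reason to stop the rollout and ask the supplier to explain the discrepancy, not a verdict on its own; an advisory hit is the trigger for the early-notification and escalation clauses discussed later in the article.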

Are your supplier relationships worth the risk?

Working with a third party provider always comes with some level of risk. And while it’s impossible to eliminate that risk completely – it is possible to reduce the risk as much as possible. So how do you do that? Our NEMYSIS Protocol has been a successful approach for many customers.

  • Need-to-access policy

A key way of reducing risk is to avoid giving access to people who don’t need it. By granting the least amount of access necessary, it’s much easier to ensure the security of those suppliers who do need access.

  • Monitoring suppliers’ software activity

It’s not enough to require your suppliers to be secure – you need to monitor their software activity. Pay attention to network activity, behavioural analysis and any advanced persistent threats (APTs) that are relevant to your industry.

  • Integrate cyber security in supplier reviews

Effective security isn’t something you do just once – it needs to be constantly monitored. When working with suppliers, require regular cyber security reviews to monitor their performance and proactively identify any potential risk.

  • System to remove suppliers

It’s also important to have a backup plan in case a supplier is found not to be properly secure. Make sure you have an effective system for removing suppliers, and that your supplier contracts can enforce these policies.

  • Significance of risk vs value of supplier

Every supplier you work with should have their own risk vs. value analysis, weighing up the benefits of using the supplier against the risk to your data. Regularly comparing and assessing this risk will enable you to identify when risky suppliers aren’t worth the relationship.

  • Enforcing cybersecurity collaboration

It’s also important to enforce regular and open collaboration on cybersecurity with supply chain partners. You can do this by:

  • Sharing threat intelligence
  • Requiring early notification of vulnerabilities
  • Creating joint incident response planning
  • Enforcing clear escalation procedures
  • Requiring results of penetration tests

Through an ongoing collaboration between you and your supply chain partners, you’ll be able to easily and proactively identify when potential vulnerabilities occur. This gives you the peace of mind that your business is safe from any supply chain related attacks or vulnerabilities.

Chat with our experts

Whether it’s scanning your own environment for vulnerabilities or working with supply chain partners – staying secure is more important today than it ever has been. With cyber attacks of all types on the rise, the time is now to make sure you’re protected.

If you want to find out more about supply chain attacks or any other kind of security breach, get in touch with our team today.